Posted by Unknown Lamer on Wednesday April 09, 2014 @10:09AM from the did-you-check-the-couch-cushions? dept.

Martin S. (98249) writes "The Register reports on a paper at the arXiv (abstract below) by Christian Decker and Roger Wattenhofer analyzing a year's worth of Bitcoin activity to reach the conclusion that MtGox's claims of losing their bitcoins because of the transaction malleability bug are untrue. The Abstract claims: 'In Bitcoin, transaction malleability describes the fact that the signatures that prove the ownership of bitcoins being transferred in a transaction do not provide any integrity guarantee for the signatures themselves. ... In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox.'"
Quoting El Reg: "By extracting transaction keys from the transaction set, the researchers say, they were able to identify more than 35,000 transaction conflicts and more than 29,000 “confirmed attacks” covering more than 300,000 Bitcoins." And fewer than 6,000 were actually successful.

This is all to be expected isn't it? It seems like when there is opportunity to scam people out of money, someone will set up an operation to exploit it. Every natural disaster results in hundreds of fake charities being set up to collect donations. And digital currency saw all manner of opportunists attempting to participate at every level from bitcoin mining viruses to setting up exchanges with disappearing money "bugs."

I don't know what prompted the Red Cross comment, but it is easy enough to check through Charity Navigator. The Red Cross spends 4% on administration and 5.1% on fundraising; the rest goes to programs.

Actually, I think the research lines up rather nicely with them dropping the ball too. It could be an example of them having no clue what they are doing or having their own understanding of how things work. So 'incompetence' is still firmly in the running.

Most likely, they screwed up and lost their private keys. ie: Plain old incompetence.

The code that was leaked to pastebin made it look like they were storing these in something like instances on Amazon EC2. If it turned out they were storing it on ephemeral storage rather than EBS, I don't know if I'd laugh or cry. But it would be an explanation if it were true. Again though, that would come back to incompetence.

I'd trust a pot head over a money-grubbing corporate overlord. I have personally worked with the type of psychos that run a lot of companies. They are completely immoral. They often cannot even see their lack of integrity as they have rationalized their decisions long ago. They surround themselves with those that won't rock the boat; "yes men/women". And it's so easy to fall into when you are on top... nobody cares that the emperor has no clothes as long as they get the bonus and raise.

Remember that commercial where they gave some poor dude 100k and asked him to watch it. Pot smokers don't steal it. Asshole libertarian, free market loving, usually conservative pricks steal*.

So you keep the c-levels of ING, Chase, etc. I'll take The Dude any day.

* = I am sorta libertarian, like the free market, and agree with some moderate conservatives. But it seems the psychos all LOVE these things and use them as the basis for their rationalizations.

They wrongly assume that they were able to capture all MtGox transaction attempts. Many were posted on their API that were never broadcast over the network because they were broken / invalid. That didn't stop people from fixing and / or malleating (sp?) them.

You don't seem to understand the purpose of Bitcoin, or what a Ponzi scheme is. Ponzi schemes have nothing to do with exchanging money for virtual items, and Bitcoin itself has nothing to do with investment (although some people might use it for speculative reasons). The cause of all these recent Bitcoin problems is shady characters running the exchanges. But that is a problem with all currency, virtual or not.

You don’t seem to understand the purpose of Bitcoin, or what a Ponzi scheme is...

... Or what money is. Fiat currency has no value other than to 1) Pay your taxes, and 2) Conduct business with others who mutually agree that said currency has an effective value. Within about 15 miles of me, there’s at least one pizza joint and one car dealer that will accept Bitcoin in exchange for their products.

No argument that BTC is less widely accepted than most other currencies, but don’t conflate w

Fiat currency has no value other than to 1) Pay your taxes, and 2) Conduct business with others who mutually agree that said currency has an effective value.

None of that is unique to fiat currency. Gold just isn't that useful. Currency backed by something useful is sufficiently rare that it's clearly not important.

Currency is a useful medium of exchange. Intrinsic value isn't important, only current value (thus the name). Bitcoin is still pretty iffy in its ability to buy anything anywhere, but that's the only hurdle it needs to jump. It prospered in a black market, sure, but as a "legit" currency it has yet to establish itself.

Gold may not be incredibly useful, but it is (a) rare and (b) unreactive and (c) pretty and malleable. So it definitely has intrinsic properties that make it valuable. Probably scarcity above all though.

Gold's value as an industrial metal is quite small. The features you mention make it a good choice for specie-based currency. Having value in that it's well suited for use as currency is not intrinsic value, it's value-as-currency.

You don't seem to understand the purpose of Bitcoin, or what a Ponzi scheme is. Ponzi schemes have nothing to do with exchanging money for virtual items, and Bitcoin itself has nothing to do with investment (although some people might use it for speculative reasons). The cause of all these recent Bitcoin problems is shady characters running the exchanges. But that is a problem with all currency, virtual or not.

You don't seem to understand why Bitcoins are a Ponzi scheme (and neither does the GP who brought it up.)

Bitcoin mining is designed to decrease over time [bitcoin.it] until all 21 million coins have been mined. This means that the folks who got in early (i.e. the inventors) make out like bandits and the late arrivals are left holding the bag. The best part is that they have all sorts of true believers out there running interference for them in tech forums like /. It's like printing (real) money. Oh, wait...

The blockchain is PUBLIC. The vulnerability they mentioned is legitimate. They found 6000 successful attempts on the blockchain of double-spending a change transaction (all bitcoin transactions have an initial transaction and a change transaction, unless the amount matches perfectly).

These weren't related to known Mt. Gox addresses. How is this hard to understand that these guys know what they are talking about? Many of us in the bitcoin community could see this the very next day, as soon as we looked.

I mean, if you lost 64,564 bitcoins from a known and easy to research flaw....

then I'm VERY sure that you had a LOT of other security flaws unpatched on your servers.

I know that even on my home servers I try and do "enough" diligence to ensure all known flaws are patched.. And on work related boxes, we ALL verify constantly all known vectors are closed... The fact that they found 10% of the "lost" coins with publicly available information and widely known bugs lets me know that there are SURE to be a LOT more hidden flaws bleeding bitcoins like crazy...

then I’m VERY sure that you had a LOT of other security flaws unpatched on your servers.

Transaction malleability is a lot different than having an unpatched OpenSSL on your server or something. Security bugs in unpatched software are a thing that are well-understood by sysadmins and security researchers. Weaknesses in the cryptography underlying Bitcoin are truly understood by perhaps a handful of people on the Earth at this time. It would be nice to presume that an organization positioning itself

This was a KNOWN and PUBLISHED flaw since 2011, along with clear instructions about how to avoid it. Any casual first-time programmer of bitcoin would have seen this when learning how to program bitcoin (it's on the Wiki: https://en.bitcoin.it/wiki/Tra... [bitcoin.it]). Mt. Gox, having been around since 2010, could have not noticed I suppose, except that Gavin Andresen (the lead bitcoin developer) is on record as having warned them about this flaw multiple times. And it was brought up in a Bitcoin Foundation meeting

Security bugs in unpatched software are a thing that are well-understood by sysadmins and security researchers.

Really? The bitcoin is valued at several billions of dollars. The reward for breaking Keccak was academic creds. The reward for breaking bitcoin is notoriety for life, and being set for life as well. Besides, you do know that nothing in Bitcoin is encrypted, right? There is one signature and a lot of hashing. There isn't even a nonce.

Additionally, this isn’t an unpatched security flaw where upgrading to Bitcoin 1.1 would have fixed the issue. It’s a weakness inherent to the Bitcoin protocol which may or may not be able to be repaired without invalidating all existing BTC transactions.

Said like a person who is eager to prove he doesn't know much about the subject he is commenting on. It wasn't the upgrade to bitcoin 1.1 that fixed the issue, it was th

Yes, because if you come here from an RSS link and choose to go to the classic site, you're looped right back into beta. It's more than an annoyance and it took me a few tries before I figured out that I was better off cutting and pasting the link in direct. I'm really starting to sour on the whole experience - and since 90% of what /. posts lately is stuff that I've already seen on a number of my source feeds, the only reason to come here is for the comments - which beta is making it hard to get to. Give it

The thing I'd kinda like to know is, if this is an inside job (and things like "Mt. Gox is saying one thing but we've proven they're lying!" kinda implies that) then what was the end game?

If your business goes bankrupt, then it becomes extremely difficult to launder your supposedly stolen assets. And it's one thing to steal from your company (in some way) if you think the company is going to last decades and you can be well clear once the scam is found out, like the guys who ran Adelphia or Worldcom pres

Not necessarily assuming the guy at the top. Regardless of who plans and executes the scam, a bankruptcy is going to suddenly result in massive focus on everything going on, every system and transaction and so on. Outsiders who you're unfamiliar with (so can't use your usual bag of tricks to pull the wool over the eyes of) will be brought in, and will investigate what you were doing. Even regular management will suddenly find themselves having to justify their own actions and investigate things they never l

> To be honest, if I were a fraudster, the very last place I'd start is a business that is likely to go bankrupt even if it trades honestly

But that would assume the fraudster understands these particular dynamics and/or agrees it is likely to go bankrupt even if trading honestly. Frankly, I am not sure I agree with that assessment. Had they operated properly and not fucked up so royally (assuming it wasn't intentional) I don't see why they were likely to go bankrupt.

Some of the "missing" bitcoins were found in accounts that Karpeles forgot that he had previously told people he had control over. If he weren't the guilty party, wouldn't he have mentioned this upfront. Looks ultra-shady.

Well see that's the thing about a bitcoin wallet with a few million in... It's VERY easy to hide, then when the shit has died down, later recover it and untraceably sell the bitcoins.

The only thing the cops would have to go on would be after the suspect starts selling them, by watching any bank account they have access to and how it suddenly got a bunch of dollars credited to it. I'm sure ther

Karpeles IS unusually stupid (OK, let's say arrogant and naive). He claimed to have lost 2,000,000 bitcoins until people looked at the PUBLIC blockchain and found that he had previously had access to accounts where some of the "missing" bitcoins were still sitting. Then, all of a sudden, when the Japanese court threatened him with arrest, he was suddenly able to "find" and produce them.

The transactions did happen by malleability attack. What makes you think they did not?

The paper suggested they happened due to a malleability attack, I have no reason to think otherwise. It was not me who said that was nonsense.

It would look like any other transaction.

The paper carefully explained the difference in the looks of the involved transactions. By saying an attack would look like any other transaction, you are contradicting the paper, and you are providing less evidence to support your case than the p

The signature is two values (r,s). These values are stored and transmitted as binary strings. They have a maximum length, but not a minimum. So, if your calculated r is less than 2^248, the most significant byte is all zeros, ditto 2^240 and the next byte.

The spec says to minimize the encoding, but openssl accepts the padded form. The bitcoin software started refusing to relay transactions with improperly padded transactions, even though they are still valid, if they make it into a block.

No, there is no intention to tighten the blockchain rules at this time. This would cause a hard fork, and breaking compatibility with old versions is not considered lightly.

Mtgox's software is unique. The reference client, for example, can not be fooled by changing transaction IDs. The frequency of success at actually winning the race to get the modified version into a block only matters if you've written your own software that is totally reliant on transaction IDs.
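The two points above, that a signature's (r,s) values can be DER-encoded either minimally or with redundant leading zero bytes, and that only software which keys its bookkeeping on transaction IDs is fooled by this, can be shown together. The Python below is an added example written for this thread; it is not code from the paper, from any commenter, or from any Bitcoin client. The signature values, the spent outpoint and the output bytes are constructed, and `serialize_toy_tx` is a simplified stand-in for Bitcoin's real transaction format (it keeps only the property that matters here: the signature bytes are part of what gets hashed into the txid). The lenient parser mirrors the OpenSSL behaviour described above; the strict check implements the minimal-encoding rule the spec calls for.

```python
import hashlib

# Constructed sample signature values (hypothetical; not from any real transaction).
# R_SAMPLE is below 2^248, so its shortest big-endian form is 31 bytes with no
# leading zero. S_SAMPLE has its top bit set, so even the minimal DER form needs
# one 0x00 prefix byte to keep the INTEGER positive.
R_SAMPLE = (1 << 240) + 0xABCD
S_SAMPLE = (1 << 255) + 0x5EED


def der_int(value: int, minimal: bool = True) -> bytes:
    """DER INTEGER for a positive value. minimal=False adds a redundant 0x00
    byte: the padded form that lenient parsers such as OpenSSL accept."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:          # top bit set: prefix 0x00 so it is not read as negative
        body = b"\x00" + body
    if not minimal:             # extra, unnecessary zero byte
        body = b"\x00" + body
    return b"\x02" + bytes([len(body)]) + body


def der_sig(r: int, s: int, minimal: bool = True) -> bytes:
    """SEQUENCE { INTEGER r, INTEGER s }, the DER layout Bitcoin signatures use."""
    content = der_int(r, minimal) + der_int(s, minimal)
    return b"\x30" + bytes([len(content)]) + content


def parse_der_sig(sig: bytes, strict: bool) -> tuple:
    """Decode (r, s). strict=False tolerates redundant leading zeros (the
    lenient behaviour); strict=True rejects any non-minimal INTEGER."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("bad SEQUENCE header")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + n]
        if n == 0 or len(body) != n:
            raise ValueError("bad INTEGER length")
        if body[0] & 0x80:
            raise ValueError("negative INTEGER")
        # A leading 0x00 is only legitimate when the next byte has its top bit set.
        if strict and n > 1 and body[0] == 0 and not (body[1] & 0x80):
            raise ValueError("non-minimal INTEGER encoding")
        values.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes")
    return tuple(values)


def is_strict_der(sig: bytes) -> bool:
    """The relay-policy style check: accept only minimally encoded signatures."""
    try:
        parse_der_sig(sig, strict=True)
        return True
    except ValueError:
        return False


def txid(serialized_tx: bytes) -> str:
    """Bitcoin transaction id: double SHA-256 over the serialized transaction."""
    return hashlib.sha256(hashlib.sha256(serialized_tx).digest()).hexdigest()


def serialize_toy_tx(prev_ref: bytes, sig: bytes, outputs: bytes) -> bytes:
    """Toy serialization: the signature sits inside the spending input, so a
    re-encoded signature changes the bytes that are hashed into the txid."""
    return prev_ref + bytes([len(sig)]) + sig + outputs


def payment_key(prev_ref: bytes, outputs: bytes) -> str:
    """Identifier built from what actually moves (which coin is spent, where it
    goes). It is stable under malleation, unlike the txid."""
    return hashlib.sha256(prev_ref + outputs).hexdigest()


def demo() -> dict:
    prev_ref = b"\x11" * 32 + b"\x00\x00\x00\x00"                     # constructed outpoint
    outputs = b"\x01" + (50_000).to_bytes(8, "little") + b"\x14" + b"\xaa" * 20  # constructed
    result = {}
    for label, minimal in (("minimal", True), ("padded", False)):
        sig = der_sig(R_SAMPLE, S_SAMPLE, minimal)
        tx = serialize_toy_tx(prev_ref, sig, outputs)
        result["txid_" + label] = txid(tx)                 # differs between the two
        result["strict_ok_" + label] = is_strict_der(sig)  # True only for minimal
        result["payment_key_" + label] = payment_key(prev_ref, outputs)  # identical
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Both encodings decode to the same (r,s), so both verify against the same public key; only the hash of the bytes changes. A ledger that reconciles withdrawals by txid sees the original id vanish and the padded copy appear as an unknown transaction, which is the failure mode the thread attributes to MtGox's custom software. Reconciling by the spent outpoint and outputs (`payment_key`), and refusing to relay or accept non-minimal signatures (`is_strict_der`), are the two defensive habits the example makes concrete.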

No, there is no intention to tighten the blockchain rules at this time. This would cause a hard fork, and breaking compatibility with old versions is not considered lightly.

And it should not be taken lightly. But as I understand it, such forks have been done in the past, and another one will be needed due to transaction volume approaching a hard limit imposed by the current rules. The particular tightening of the rules about signatures could piggyback on another update, which would cause a fork. Is there an

Sorry to reply off-topic, but this part isn't true. We'll just start using more off-chain transactions.

That's actually not off-topic at all. The description of off-chain transactions [bitcoin.it] mentions that one way to do it is through the use of trusted third parties such as Mt. Gox! It does proceed to describe how a system could potentially be designed with auditing that can prove if fraud is happening, which would be an improvement, but it does not suggest any way to avoid such fraud.

I don't think so. Let's say somebody wants to perform a DoS attack spending as few bitcoins as possible. Just take a tiny amount of bitcoins and spend it all on transaction fees one satoshi at a time. With transactions spending one satoshi in fee and not actually transferring any bitcoins anywhere, miners would have incentive to include those transactions in the blocks. After all, if there is no limit on the block size, a miner may as w

Standard bitcoin community response to any bad news: it's not really bad.

Except the comment you are replying to said the opposite. It was denying the statement made by these researchers saying that the alleged theft did not happen. (I know that's a lot of negations, better count them before replying.)

In my opinion, this was most likely incompetence. Or, possibly Mtgox stole from their users (or Mark stole from his own company, which is the same, as far as I'm concerned).

It is extremely unlikely, in my view, that transaction malleability played much of a role.

A malleability exploit is something that people might be willing to accept as "could have happened to anyone", so I think it was tried as cover for incompetence of the more ordinary "not clever enough to safely hold other people's money" variety.

I didn't say that mutated transactions didn't exist, or that the researchers haven't actually seen any.

They certainly do exist, and I have no reason to doubt that the researchers have found some in the wild.

I'm saying that if such an attack had been responsible for Mtgox's woes (which I and, I think, most others find extremely unlikely), they would not be visible using the methodology discussed in this paper.

The very short version is that what these "researchers" were looking at isn't actually how the alleged bug would have worked.

That is far too short to be useful.

Mtgox's malleability problem was caused, ironically, by the protocol fixing one source of it. When that happened the network started rejecting mtgox's transactions, in fact they weren't even relayed.

The paper says there were no malleability attacks of the scale mtgox claims because they didn't see the required number of malleable transactions. This would have been reasonable if the attacker also depended on seeing the malleable transactions relayed by the network. But the